New PayPal Scam Targets Users!

A sophisticated PayPal phishing scam, uncovered by Fortinet’s FortiGuard Labs, exploits legitimate features of PayPal and Microsoft365. Attackers send genuine-looking emails using MS365 domains, prompting victims to link their accounts to unauthorized addresses. This clever tactic bypasses phishing filters and could lead to account takeovers and financial loss.
The scam uses real PayPal login pages and legitimate-looking URLs, tricking users into entering their credentials. By leveraging Microsoft365’s Sender Rewriting Scheme (SRS), scammers ensure their emails pass security checks, making them appear authentic. To stay safe, avoid unsolicited emails, verify URLs before clicking, and enable two-factor authentication (2FA) on your PayPal account. Awareness and caution are your best defenses against this new wave of phishing attacks.
Source: Hack read January 2025.